This security analyst will be part of a team tasked with identifying, tracking and verifying the remediation of vulnerabilities in internal and external applications and systems. This role involves performing deep-dive analysis of vulnerabilities, operating vulnerability scanning tools, and building relationships with other groups within the IT organization. You will work closely with IT infrastructure, product teams, supply chain, and Cyber Security operations to reduce Eaton's attack surface. Stay up to date with the evolving technological and threat landscape and its potential impact on modern and legacy technologies, applications, and business processes.
• Monitor for vulnerabilities within applications, endpoints, databases, networking, and mobile and cloud services.
• Conduct continuous discovery and vulnerability assessment of enterprise-wide assets, and track their remediation status.
• Advise employees responsible for remediation on the best reduction and remediation practices.
• Review and analyze vulnerability data to identify trends and patterns.
• Regularly report on the state of vulnerabilities, including their criticality, exploit probability, business impact, and remediation strategies.
• Serve as a point of contact for new and existing vulnerability-related issues.
• Collaborate with business teams and cyber security stakeholders to ensure appropriate governance structures are in place and that risks are documented.
• Provide vulnerability education and guidance to stakeholders, developers, IT and business leaders as needed.
• Maintain documentation related to vulnerability policies and procedures.
• Assist in maintaining records for Eaton assets, their vulnerability state, remediation recommendations, overall security posture and potential threat to the business.
• Identify areas of opportunity for improvement and automation within team processes.
• Perform other duties as assigned, including on-call rotations.
Qualifications:
• Bachelor’s degree in a technical discipline
• Overall 5-8 years of experience
• 3+ years of experience in security operations or vulnerability management.
• Ability to analyze and understand vulnerabilities and exploits
• Proficiency with commercial and open source vulnerability management solutions.
• Understanding of TTPs, MITRE ATT&CK framework, CVSS, OSINT, and deception techniques.
• Understanding of operating systems, applications, infrastructure, and cloud computing services.
• Understanding of OWASP, CVSS, MITRE ATT&CK framework.
• Capacity to comprehend technical infrastructure, managed services, and third-party dependencies.
• Preferably some experience with vulnerability management across AWS, Azure, or Google Cloud Platform.
• Experience in Python or PowerShell, with an emphasis on scripting, automation, and integrations.
• Experience in threat hunting or red teaming exercises is a plus.
• Strong communication skills: Ability to communicate effectively across all levels of the organization.
• Project management skills: Strong project management, multitasking, and organizational skills